Fiddling with modern technology used to mean prank calling the Pope. (Hey, Steve Jobs did it, and now he's the CEO of Apple!) But these days, it can mean hacking your way into some serious prison time, jeopardizing national security, or worse. So when exactly did this underground art form take a turn for the nefarious? And what's a cereal-box toy got to do with it all? mental_floss takes a brief look at the godfathers of hacking, including the geniuses who think your antivirus software's a joke.
In 1983, Mark Abene [wiki] was nothing more than a beanie-wearing mall rat with too much spare time. He didn't own a computer, so one day he wandered into a Radio Shack, cozied up to one at the store, and tapped out a few commands. And that's how his hacking habit began - as simple as that. By 1984, with echoes of Orwellian symmetry, he was already using his own PC to sneak into other people's computer systems. While his parents were busy upgrading to a touch-tone phone, Abene was figuring out how to redirect traffic between switchboards.
Then the world learned what a pimple-faced intruder with simple Radio Shack gear was truly capable of. In 1991, in response to the AT&T telephone system crash that left 60,000 customers without a phone line for nine hours, federal authorities burst into Abene's bedroom, guns drawn, and confiscated his computer equipment. Although Abene was ultimately acquitted in the scandal, authorities nailed him for related mischief. Today, his phone hacking, or "phreaking," is an infamous milestone in hacker history. At just 19 years old, Abene (a.k.a. Phiber Optik) became the first hacker to serve time in a federal prison.
Living the High-Tech Life
So, why do they do it? What motivates a suburban teen to hack into a university computer to chat with 40-something garbage collectors, or to compromise bank systems and steal credit card numbers? It's hard to know for sure. But one thing's certain: Not all hackers [wiki] are created equal. As technology has evolved, its human predators have evolved, multiplied, and diversified with it. Today, there are "phreakers [wiki]," who break into major telephone systems to make free phone calls, as well as "crackers [wiki]," who decode encrypted computer systems (often those belonging to major corporations) with alarming ease. Then there are your "spammers [wiki] " - the ones who remotely tap into "zombie" computers to send marketing emails to millions of unsuspecting dupes - and "phishers [wiki]," who con you with look-alike Web sites to steal your account information. Some of them are simply pranksters, out to do nothing more than upload a few erotic http://www.neatorama.com/images onto a government Web site just to prove they can. Others use their powers for good instead of evil, actually working for security agencies and helping define hacking as a worthwhile, productive endeavor. Yet, every hacker seems to have one underlying urge: to exist on the fringes of society and reveal vulnerabilities to all those coloring inside the lines. And it's been that way wince the dawn of the computer age.
In the 1960s, computers were Pontiac-size behemoths encased in glass or housed in wax-floor laboratories accessible only to keycard-wielding geeks. The term "computer scientist" implied a Princeton degree and a government pedigree. Only accredited professionals were allowed the privilege of programming these powerful computers to track university enrollments, analyze medical anomalies, or monitor traffic conditions. Everyone else - the ostensibly computer-illiterate general populace - could only sit back and absorb the impact from the sidelines.
This kind of elitism stuck in John Draper's craw. A Vietnam veteran who loved to tinker with electronics, Draper [wiki] happened upon an opportunity to take the tech bigwigs down a peg. In 1972, one of Draper's friends tipped him off to a curious discovery: a toy whistle from a Cap'n Crunch cereal box could be modified to emit a 2,600-hertz tone - the precise frequency needed to authorize Bell System long distance calls, thus making them free. For Draper, this unlocked a goldmine of vulnerabilities in major phone company systems, and to exploit it, he developed what was known as a blue box [wiki]. At the push of a button, Draper's invention could produce a number of different sound frequencies to manipulate the telephone route and switching systems. Dubbed "Cap'n Crunch," Draper soon found himself the unlikely father of phone phreaking and - arguably - the founder of the modern hack. Interestingly, he shared the news of his invention with Steve Wozniak [wiki], future cofounder of Apple Computer, at a potluck supper for the People's Computer Club in Menlo Park, Calif., where the two enjoyed a prankster rapport. Wozniak later used the blue box with his pal and future Apple head honcho Steve Jobs [wiki] to make untraceable prank phone calls, including one to the Pope.
Back then, phone phreaking offered hackers a potent allure. It meant unraveling a mystery and sharing the results with friends. It wasn't as much about the nefarious phone exploitation as it was about understanding the complexity. Draper, for example, would revel in routing calls through multiple countries just to talk to his neighbor. But no matter how harmless some of his work might have been, Draper did damage to the profit margins of some major companies. In 1976, he was arrested on toll fraud charges and spent four months in prison.
Today, the blue box still works on some foreign phone lines and a few toll calls, but Draper says phone companies have become increasingly adept at spotting illegal usage. The 2,600-hertz tone - now almost meaningless in an age of fiber optics - is a kind of phone phreaking mascot. It even inspired the name of the well-known hacker rag, 2600: The Hacker Quarterly. Meanwhile, Draper has become a god to the hacking masses. To an extent, the concepts of beating the telephone conglomerates, scanning for security flaws, and exploiting a hack as far as possible all originate with Draper. He's promoted the mystique with a hacker portal (www.webcrunchers.com - link not working?) that documents his early days. But now he's working as a security software developer and running a security site (www.crunchtv.net) that seems to disavow hacker mantras.
The Birth of the Worm.
After Draper, there was a time shift in computing. While phreakers were still blowing whistles into phone receivers, a new type of delinquent emerged: the cracker. By the late 1980s, the home PC had become more prevalent but large corporations still cornered the market on the technology. In response, hackers tried even harder to get in on the fun. Hacker clubs surged in popularity - most notably, Germany's Chaos Computer Club, a kind of think tank that fought for free access to computer infrastructure, and Masters of Deception [wiki], a New York hackers club fronted by the Radio Shack hack himself, Mark Abene. Code tinkering for sport was becoming nothing short of an epidemic, and in 1986, the U.S. government tried to thwart the problem by passing the Computer Fraud and Abuse Act (CFAA).
Ironically, computers were about to fall victims to crime and abuse never before imagined. In 1988, Robert Tappan Morris [wiki], a Cornell University grad student (and son of the chief scientist at the National Computer Security Center), created the first Internet "worm [wiki]," a destructive program that replicates itself and moves through a computer network at breakneck speed. Partly to demonstrate his cracking prowess to classmates and partly to show how an MIT security system was vulnerable to attack, Morris wrote a software program that exploited a glitch in a Unix email program. Allegedly, Morris intended the worm program to infect only the MIT network. But during a 12-hour period, it spread rapidly, infecting thousands of systems and forcing some universities to shut down their computers altogether.
Shocked by how quickly the worm was spreading, Morris helped a friend send out an anonymous message with instructions for system administrators to stop the plaque. But it was too late; the worm had propagated beyond control. In the end, every university affected had to spend thousands of dollars to fix its infected computers. Morris became the first person indicted under the CFAA when the U.S. government fined him $10,000 and sentenced him to probation and community service. However, the source code for the worm remains in wide circulation today. Almost 18 years after the incident, hackers are still using Morris' worm as a starting point for new viruses.
When Code Goes Criminal
By the 1990s, hacking had clearly transitioned from the child's play of Cap'n Crunch toys to a brave new world of tech crime. And nothing underscored that shift more than when Kevin Mitnick [wiki] became the first hacker to earn an FBI Most Wanted distinction.
In 1976, while other Americans were celebrating the centennial, Mitnick was sweeping floors at a Radio Shack - not because he loved cleaning, but because he loved using their computers at night to hone his cracking skills. Before long, he'd developed a habit of unraveling computer code in order to see how an operating system worked or (later) how a cell phone connected to a network. Combine that kind of know-how and enthusiasm with a gregarious personality, and you've got a problem. Mitnick once called Motorola and charmed them into sharing their source code for free - information he promptly used to break into the computer systems at Motorola, Nokia, Sun Microsystem, and Fujitsu.
The New York Times broke the story about Mitnick's activities that ultimately led to his 1995 arrest and a five-and-a-half-year prison term. However, there remains widespread misunderstanding (and controversy) about the case. Mitnick denies causing any serious damage to the computer systems he hacked, though he admits sneaking into private networks was wrong. Regardless, the government - still uncertain of what hackers were capable of - treated him as a seriously dangerous man. Authorities were bombarded with claims that Mitnick had done everything from wiretapping the FBI to hacking his way ito NORAD. (He denies those allegations, as well.) They assumed he could crack anything, even fearing he could launch nuclear bombs or shut down the Internet by whistling into a phone. In fact, after he was released from prison, Mitnick was barred from owning or using any electronic communications devices. When he played the role of a computer whiz on a 2001 episode of "Alias," the producers would only allow him access to a dummy computer.
Mitnick has influenced an entire generation of hackers with his innovative and stealthy cracking tactics, such as using IRC (Internet Relay Chat) [wiki] technology, an Internet conferencing system. He's also written treatises stating his belief that the future of hacking lies in "social engineering," in which sensitive computer and coding information is not obtained through people's computers, but from the persons themselves, via false emails and the like. But Mitnick's greatest legacy might be in setting a good example. Today, he's on the straight-and-narrow. The master hacker now spends about 25 percent of his time earning primo consulting fees helping fellow specialists break into "secure" systems in order to show companies how their networks are vulnerable.
Hack to the Future
Perhaps because of the Mitnick case, government authorities in America and other foreign countries hurried to establish Internet crime division. In 1990, the U.S. Secret Service launched Operation SunDevil [wiki], a crackdown on telephone abuse and credit card fraud. Only months into its investigations, a task force raided the homes of several suspected hackers and confiscated their equipment.
Such dramatic courses of action may help protect the public, but combating hacker crime can be problematic because there remains so much uncertainty about who is hacking and why. The term "hacking" is usually considered negative, but many security experts don't classify attempting a cyber break-in as illegal - only the resulting crimes. What's more, there are plenty of hackers devoted to protecting computer systems. A perfect example is the hacker collective "L0pht Heavy Industries [wiki]," which met in Boston throughout the 1990s to discuss security flaws on the Internet. In 1998, the group reported to Congress that it could shut down the entire World Wide Web in 30 minutes. (Note: This is only partially true, because the Internet consists of disparate zones. A hacker could conceivably shut down individual Internet zones, but not all of them at the same time. Nevertheless, it was a major eye-opener for the U.S. government.)
While helpful hacking is possible, there will always be the tech-savvy among us who have bad intentions. New phenomena such as "denial-of-service" [wiki] attacks, which flood a network with traffic to slow down targeted computer systems, and "phishing [wiki]," where hackers con unsuspecting customers into entering personal information on fake Web sites, have replaced phreaking as the big cracking techniques of the day. Also, because wireless hotspots are becoming so common, hackers now are working on programs that can de-encrypt various signals and wreak havoc on corporate networks without leaving a trace.
So, where will it end? No one really knows. But as long as technology continues advancing, you can bet the imagination and skills of hackers will advance right along with it.
Hackers, Crackers, and Phreakers, Oh My!